← back
CVE-2024-3596

RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.

CVSS 9 CRITICALEPSS 14.9%
In short

The RADIUS authentication protocol has a critical weakness that allows an attacker on the local network to forge fake authentication responses, potentially tricking systems into granting unauthorized access. This happens because the protocol uses MD5, an outdated encryption method that can be manipulated.

Technical detail

RADIUS (RFC 2865) is vulnerable to chosen-prefix collision attacks against the MD5-based Response Authenticator, enabling local attackers to forge Access-Accept, Access-Reject, or Access-Challenge packets. The attack requires network proximity to intercept and modify responses in transit, compromising authentication integrity and potentially allowing unauthorized access to protected resources.

Summary generated and translated by AI from the official description.
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
IETF · RFC
public PoCs found1
githubgithub.com/alperenugurlu/CVE-2024-3596-Detector7
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/html/ssa-364175.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-723487.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-770770.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-794185.htmlhttps://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/https://datatracker.ietf.org/doc/html/rfc2865https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdfhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014https://security.netapp.com/advisory/ntap-20240822-0001/https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocolhttps://www.blastradius.fail/https://www.kb.cert.org/vuls/id/456537